SIM swapping is a cybercrime category we have explored in the past, but recently, we have seen the tactic regain popularity in the financial and cryptocurrency sectors. SIM swapping is the act of taking control of a victim’s phone number and transferring that control to a different phone. Criminals then use the phone number to receive SMS-based authentication codes for websites, or to impersonate the victim in a scam or attack against the victim’s contacts. The most popular method criminals use to acquire SIM credentials is to call the mobile carrier and impersonate the customer. The criminal must have personally identifiable information (PII) about the customer and, depending on the carrier, some sort of password or PIN to relocate the SIM information. The PII and password information could be found in a data dump from a past data breach, but the steps the attacker must go through make these attacks highly targeted.
An employee from the financial company Kroll was subject to a SIM swapping attack last week, allowing hackers to access bankruptcy claims and customer information. The company called out the carrier in question in its security advisory, saying, “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor’s phone at their request.”
The US Cybersecurity and Infrastructure Security Agency (CISA) released a report earlier this month highlighting hacker groups using SIM swapping to bypass industry-standard security tools.
“The Board examined how a loosely organized group of hackers, some of them teenagers, were consistently able to break into the most well-defended companies in the world,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. The report proposed businesses adopt passwordless authentication in response to the inability of mobile carriers to secure their customers.
It’s clear that SIM swapping is still a popular attack vector in some business sectors. Often, PII can be skimmed from social media and previous data breaches. Employees should be aware of the information they share on social media, and businesses should explore authenticator tools that do not use SMS messaging and, eventually, passwordless solutions.
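To show why a non-SMS authenticator is outside a SIM swapper's reach, here is an added example (not code from the original post) of a minimal RFC 6238 TOTP generator and verifier: the code depends only on a shared secret and the clock, so the phone number never enters the flow. The secret below is a constructed demo value, the RFC 6238 test-vector seed.

```python
"""Minimal TOTP (RFC 6238, HMAC-SHA1) generator and verifier.
Nothing here references a phone number, which is the property that
makes this factor immune to a SIM swap."""
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 6238 test-vector seed, base32-encoded.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Return the TOTP code for a base32 secret at the given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step              # time step number (T)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, code: str, unix_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code if it matches the current step or an adjacent one
    (tolerates small clock skew); compare in constant time."""
    for drift in range(-window, window + 1):
        candidate = totp(secret_b32, unix_time + drift * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(DEMO_SECRET_B32, now))
```

A production deployment would also reject reuse of an already-accepted code within its step, which this minimal example omits.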
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.